Keane Lim 3c5fa979a4 Security guide update

Re-organized topic hierarchy

Tiny edit to restart review workflow.

Squashed with Resolved index.rst conflict commit

Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5
Signed-off-by: Keane Lim <keane.lim@windriver.com>
Signed-off-by: MCamp859 <maryx.camp@intel.com>

2021-03-12 15:10:40 -05:00

2.1 KiB

Raw Blame History

Deprovision Windows Active Directory Authentication

You can remove Windows Active Directory authentication from .

Remove the configuration of kube-apiserver to use oidc-auth-apps for authentication.
1. Determine the UUIDs of parameters used in the kubernetes kube-apiserver group.
  
  These include oidc_client_id, oidc_groups_claim, oidc_issuer_url and oidc_username_claim.
```
~(keystone_admin)$ system service-parameter-list
```
2. Delete each parameter.
```
~(keystone_admin)$ system service-parameter-delete <UUID>
```
3. Apply the changes.
```
~(keystone_admin)$ system service-parameter-apply kubernetes
```

Uninstall oidc-auth-apps.

~(keystone_admin)$ system application-remove oidc-auth-apps

Clear the helm-override configuration.

~(keystone_admin)$ system helm-override-update oidc-auth-apps dex kube-system --reset-values
~(keystone_admin)$ system helm-override-show oidc-auth-apps dex kube-system

~(keystone_admin)$ system helm-override-update oidc-auth-apps oidc-client kube-system --reset-values
~(keystone_admin)$ system helm-override-show oidc-auth-apps oidc-client kube-system

Remove secrets that contain certificate data.

~(keystone_admin)$ kubectl delete secret local-dex.tls -n kube-system
~(keystone_admin)$ kubectl delete secret dex-client-secret -n kube-system
~(keystone_admin)$ kubectl delete secret wadcert -n kube-system

Remove any RoleBindings added for users and/or groups.

For example:

$ kubectl delete clusterrolebinding testuser-rolebinding
$ kubectl delete clusterrolebinding billingdeptgroup-rolebinding

2.1 KiB Raw Blame History

Deprovision Windows Active Directory Authentication

2.1 KiB

Raw Blame History